:source: fortios_vpn_ipsec_phase2_interface.py

:orphan:

.. fortios_vpn_ipsec_phase2_interface:

fortios_vpn_ipsec_phase2_interface -- Configure VPN autokey tunnel in Fortinet's FortiOS and FortiGate.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

.. versionadded:: 2.0.0

.. contents::
   :local:
   :depth: 1


Synopsis
--------

- This module is able to configure a FortiGate or FortiOS (FOS) device by allowing the user to set and modify the vpn_ipsec feature and phase2_interface category. Examples include all parameters, and values need to be adjusted to datasources before usage. Tested with FOS v6.0.0.


Requirements
------------

The below requirements are needed on the host that executes this module.

- ansible>=2.15


Tips
----

Using member operation to add an element to an existing object.


FortiOS Version Compatibility
-----------------------------

Supported Version Ranges: v6.0.0 -> v7.6.6


Parameters
----------

.. raw:: html


Notes
-----

.. note::

   - Legacy fortiosapi has been deprecated, httpapi is the preferred way to run playbooks
   - The module supports check_mode.


Examples
--------

.. code-block:: yaml+jinja

    - name: Configure VPN autokey tunnel.
      fortinet.fortios.fortios_vpn_ipsec_phase2_interface:
          vdom: "{{ vdom }}"
          state: "present"
          access_token: ""
          vpn_ipsec_phase2_interface:
              add_route: "phase1"
              addke1: "0"
              addke2: "0"
              addke3: "0"
              addke4: "0"
              addke5: "0"
              addke6: "0"
              addke7: "0"
              auto_discovery_forwarder: "phase1"
              auto_discovery_sender: "phase1"
              auto_negotiate: "enable"
              comments: ""
              dhcp_ipsec: "enable"
              dhgrp: "1"
              diffserv: "enable"
              diffservcode: ""
              dst_addr_type: "subnet"
              dst_end_ip: ""
              dst_end_ip6: ""
              dst_name: " (source firewall.address.name firewall.addrgrp.name)"
              dst_name6: " (source firewall.address6.name firewall.addrgrp6.name)"
              dst_port: "0"
              dst_start_ip: ""
              dst_start_ip6: ""
              dst_subnet: ""
              dst_subnet6: ""
              encapsulation: "tunnel-mode"
              inbound_dscp_copy: "phase1"
              initiator_ts_narrow: "enable"
              ipv4_df: "enable"
              keepalive: "enable"
              keylife_type: "seconds"
              keylifekbs: "5120"
              keylifeseconds: "43200"
              l2tp: "enable"
              name: "default_name_38"
              pfs: "enable"
              phase1name: " (source vpn.ipsec.phase1-interface.name)"
              proposal: "null-md5"
              protocol: "0"
              replay: "enable"
              route_overlap: "use-old"
              single_source: "enable"
              src_addr_type: "subnet"
              src_end_ip: ""
              src_end_ip6: ""
              src_name: " (source firewall.address.name firewall.addrgrp.name)"
              src_name6: " (source firewall.address6.name firewall.addrgrp6.name)"
              src_port: "0"
              src_start_ip: ""
              src_start_ip6: ""
              src_subnet: ""
              src_subnet6: ""


Return Values
-------------

Common return values are documented: https://docs.ansible.com/ansible/latest/reference_appendices/common_return_values.html#common-return-values, the following are the fields unique to this module:

- build - Build number of the fortigate image

  - returned: always
  - type: str
  - sample: 1547

- http_method - Last method used to provision the content into FortiGate

  - returned: always
  - type: str
  - sample: PUT

- http_status - Last result given by FortiGate on last operation applied

  - returned: always
  - type: str
  - sample: 200

- mkey - Master key (id) used in the last call to FortiGate

  - returned: success
  - type: str
  - sample: id

- name - Name of the table used to fulfill the request

  - returned: always
  - type: str
  - sample: urlfilter

- path - Path of the table used to fulfill the request

  - returned: always
  - type: str
  - sample: webfilter

- revision - Internal revision number

  - returned: always
  - type: str
  - sample: 17.0.2.10658

- serial - Serial number of the unit

  - returned: always
  - type: str
  - sample: FGVMEVYYQT3AB5352

- status - Indication of the operation's result

  - returned: always
  - type: str
  - sample: success

- vdom - Virtual domain used

  - returned: always
  - type: str
  - sample: root

- version - Version of the FortiGate

  - returned: always
  - type: str
  - sample: v5.6.3


Status
------

- This module is not guaranteed to have a backwards compatible interface.


Authors
-------

- Link Zheng (@chillancezen)
- Jie Xue (@JieX19)
- Hongbin Lu (@fgtdev-hblu)
- Frank Shen (@frankshen01)
- Miguel Angel Munoz (@mamunozgonzalez)
- Nicolas Thomas (@thomnico)

.. hint::
    If you notice any issues in this documentation, you can create a pull request to improve it.
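
The task in the Examples section carries generated values such as ``proposal: "null-md5"`` and ``dhgrp: "1"``, which give no encryption, MD5 integrity and a 768-bit Diffie-Hellman group if applied unchanged. The check below is an added example, not code from the fortinet.fortios collection, that audits a ``vpn_ipsec_phase2_interface`` argument dict before it reaches a device. Assumptions: the weak-value sets and the function name ``audit_phase2`` are choices of this example; ``PAGE_EXAMPLE`` copies four values from the task above and ``HARDENED`` is constructed.

```python
# Added example: audit one vpn_ipsec_phase2_interface argument dict for weak
# IPsec phase 2 settings. The sets below are this example's policy, not
# defaults or validation rules of the Ansible module.
WEAK_ENC = {"null", "des", "3des"}   # no encryption or obsolete ciphers
WEAK_AUTH = {"null", "md5"}          # no integrity or obsolete hash
WEAK_DH = {"1", "2", "5"}            # MODP groups below 2048 bits


def _as_list(value):
    """Accept a list or a space-separated string of values."""
    if value is None:
        return []
    if isinstance(value, str):
        return value.split()
    return [str(v) for v in value]


def audit_phase2(params):
    """Return a sorted list of findings; an empty list means no finding."""
    findings = []
    for prop in _as_list(params.get("proposal")):
        # Proposals read "<encryption>-<authentication>"; AEAD names such as
        # aes256gcm have no "-" and therefore an empty authentication part.
        enc, _, auth = prop.partition("-")
        if enc in WEAK_ENC:
            findings.append(f"proposal {prop}: weak or null encryption ({enc})")
        if auth in WEAK_AUTH:
            findings.append(f"proposal {prop}: weak or null authentication ({auth})")
    for grp in _as_list(params.get("dhgrp")):
        if grp in WEAK_DH:
            findings.append(f"dhgrp {grp}: Diffie-Hellman group below 2048 bits")
    # Only an explicit "disable" is reported; absent keys are left to the
    # device default, which this example does not assume.
    for key in ("pfs", "replay"):
        if params.get(key) == "disable":
            findings.append(f"{key}: disabled")
    return sorted(findings)


# Four values copied from the task in the Examples section.
PAGE_EXAMPLE = {"proposal": "null-md5", "dhgrp": "1",
                "pfs": "enable", "replay": "enable"}
# Constructed hardened counterpart (assumed policy: AEAD cipher, ECP group 20).
HARDENED = {"proposal": ["aes256gcm"], "dhgrp": ["20"],
            "pfs": "enable", "replay": "enable"}

if __name__ == "__main__":
    for label, args in (("page example", PAGE_EXAMPLE), ("hardened", HARDENED)):
        print(label, audit_phase2(args) or "no findings")
```
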